Web Attacks

Skills Assessment

Authenticate to 94.237.49.11 with user "htb-student" and password "Academy_student!"

Intercept Login of htb-student

GET /api.php/user/74

Send the request to Intruder and fuzz the uid from 1 to 100 with a number list.

Administrator role is at uid 52.

Reset password of a.corrales via current session of htb-student

  1. Get the API token of a.corrales with uid=52.

  2. Change the uid and token values in GET /reset.php?uid=

a.corrales:francis
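As an added defensive counterpart to the two IDOR steps above (example code written for these notes, not the lab's own application; it assumes a Python-style request handler, a constructed session object and placeholder token values):

```python
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    """Server-side session of the caller (constructed; not the lab's code)."""
    uid: int
    role: str  # "user" or "admin"

# Constructed sample user table: htb-student is uid 74, the admin is uid 52.
# Token values are placeholders, not real lab tokens.
USERS = {
    74: {"name": "htb-student", "role": "user", "reset_token": "TOKEN-74-PLACEHOLDER"},
    52: {"name": "a.corrales", "role": "admin", "reset_token": "TOKEN-52-PLACEHOLDER"},
}

def can_access(session, uid):
    """Object-level authorization: callers may act on their own record only,
    unless they hold the admin role."""
    return session.uid == uid or session.role == "admin"

def get_user(session, uid):
    """Hardened GET /api.php/user/<uid>. Returns (status, body) like a
    framework response. The ownership check runs before the lookup, so
    fuzzing uid 1..100 from an ordinary session returns 403 every time."""
    if not can_access(session, uid):
        return 403, {"error": "forbidden"}
    user = USERS.get(uid)
    if user is None:
        return 404, {"error": "not found"}
    # The reset token is secret material; it never leaves the server here.
    return 200, {"uid": uid, "name": user["name"], "role": user["role"]}

def reset_password(session, uid, token, new_password):
    """Hardened GET /reset.php?uid=&token=. Binds the reset to the caller:
    a foreign uid/token pair is rejected even if the token itself is valid."""
    if not can_access(session, uid):
        return 403, {"error": "forbidden"}
    stored = USERS.get(uid, {}).get("reset_token")
    # Constant-time compare; a spent (None) token never matches.
    if stored is None or not hmac.compare_digest(stored, token):
        return 400, {"error": "invalid token"}
    USERS[uid]["password"] = new_password
    USERS[uid]["reset_token"] = None  # single use
    return 200, {"reset": USERS[uid]["name"]}
```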

Click Add Event and intercept the traffic with Burp.

The request body is XML; use XXE for local file disclosure via the name field.
